CLAIMS:

1. A security management method for a network system in
which a client, an application server and an integrated
authentication server can communicate with each other
through a network, comprising the steps of:

making a service request by transmitting information of a
certificate from said client to said application server;

transmitting the information of the certificate from said
application server to said integrated authentication server
to request said integrated authentication server to confirm
said certificate;

confirming, by said integrated authentication server, said
certificate and checking a user for right to access said
application server; and

if valid, transmitting a user ID and a password to said
application server to perform, by said application server,
authentication based on said user ID and said password.

2. A security management method for a network system in
which a client, an application server and an integrated
authentication server can communicate with each other
through a network, comprising the steps of:

making a service request by transmitting information of a
certificate from said client to said application server;

confirming, by said application server, said certificate and
transmitting the information of said certificate from said
application server to said integrated authentication server
to request a user ID and a password;

checking, by said integrated authentication server, a user
for right to access said application server and if valid,
transmitting said user ID and said password to said
application server; and

performing, by said application server, authentication based
on said user ID and said password.

3. A security management method according to claim 1,
wherein said client records, as access history information,
results of security check including a result of the
confirmation of said certificate which is executed by said
integrated authentication server and said application server
between initial log-in to the system and final log-off from
the system, a result of checking right to access said
application server, a result of authentication of said user
ID and said password and a result of checking the right to
access data held by said application server, said integrated
authentication server records, as access history
information, the result of the confirmation of said
certificate and the result of the security check including
checking the right to access said application server, and
access conditions of the user are checked by collating the
access history information recorded by said client with the
access history information recorded by said integrated
authentication server.

4. A security management method according to claim

wherein said client records, as access history information,
results of security check including a result of the
confirmation of said certificate which is executed by said
integrated authentication server and said application server
between initial log-in to the system and final log-off from
the system, a result of checking the right to access said
application server, a result of authentication of said user
ID and said password, a result of checking right to access
data held by said application server, said integrated
authentication server records, as access history
information, the result of the confirmation of said
certificate and the result of the security check including
checking right to access said application server, and access
conditions of the user are checked by collating the access
history information recorded by said client with the access
history information recorded by said integrated
authentication.

5. A computer program implemented on a storage medium
readable by an integrated authentication server in a network
system in which a client, an application server and said
integrated authentication server can communicate with each
other through a network, said program comprising the steps
of:

(a) receiving information of a certificate transmitted from
said client via said application server, and (b) confirming
that said certificate is valid;

(c) checking whether a user of said certificate has the
right to access said application server; and

(d) if the results of checking in (b) and (c) are valid,
transmitting a user ID of the user and a password to said
application server to cause said application server to
authenticate said user.

6. A computer program implemented on a storage medium
readable by an integrated authentication server in a network
system in which a client, application servers and said
integrated authentication server can communicate with each
other, said program comprising the steps of:

(a) receiving a user ID and a password transmitted from said
client through a first application server;

(b) checking whether a user of said user ID has right to
access said first application server;

(c) if a result of checking in (b) is valid, preparing a
temporal certificate of said user, and (d) transmitting said
certificate to said client through said first application
server;

(e) receiving information of said certificate transmitted
from said client through a second application server;

(f) confirming that said certificate is valid;

(g) checking whether a user of said certificate has right to
access said second application server; and

(h) if results of checking in (f) and (g) are valid,
transmitting a user ID of said user and a password to said
second application server to cause said second application
server to authenticate said user.

7. A security management method for a network system in
which a client, an application server and an integrated
authentication server execute communication, comprising the
steps of:

transmitting information of an integrated certificate from
said client to said integrated authentication server to
request said integrated authentication server to
authenticate said integrated certificate;

performing, by said integrated authentication server,
confirmation of said integrated certificate and process for
authenticating a user of said client and, in connection with
a request made by said client for communicating with an
application of said application server or a communication
partner, checking, by said integrated authentication server,
whether a user has right to access said application or right
to communicate with said communication partner;

if the result of checking is valid, transmitting a
certificate of said client, said application server or said
communication partner to an entity concerned in
communication;

ciphering, in said client, a communication message to said
application server or said communication partner by using
key information which is inherent to said client and which
is paired with information of said certificate;

confirming, in said application server or said communication
partner, said client on the basis of the information of said
certificate and decoding said communication message;

ciphering, in said application server or said communication
partner, a communication message to said client by using key
information which is inherent to said application server or
said communication partner and which is paired with the
information of said certificate; and

confirming, in said client, said application server or said
communication partner on the basis of the information of
said certificate and decoding said communication message.

8. A security management method for a network system in
which a client, an application server and an integrated
authentication server execute communication, comprising the
steps of:

receiving, in said application server, a certificate
revocation list concerning a service in which said
application server participates;

transmitting information of a common integrated certificate
which a user has in respect of a plurality of kinds of
services from said client to said application server;

transferring the information of said integrated certificate
from said application server to said integrated
authentication server;

carrying out, in said integrated authentication server,
confirmation of said integrated certificate and checking the
user for right to access and if results of the confirmation
and the checking are valid, transmitting said certificate of
said user concerning the service in which said application
server participates from said integrated authentication
server to said client and said application server;

comparing, in said application server, said certificate with
said certificate revocation list; and

when said certificate is found in said certificate
revocation list, rejecting a service request from said user
to said application server.

9. A security management system according to claim 8,
wherein said integrated authentication server automatically
delivers said certificate revocation list to said
application server.

10. A computer program stored on a storage medium readable
by an integrated authentication server in a network system
in which a client, a server or a communication partner and
said integrated authentication server can communicate with
each other, said program comprising the steps of:

(a) receiving information of an integrated certificate which
is transmitted from said client and is common to a plurality
of kinds of services;

(b) confirming that said integrated certificate is valid;

(c) checking whether a user of said integrated certificate
has right to access said application server or said
communication partner; and

(d) if results of checking in (b) and (c) are valid,
transmitting to said client a certificate of said user
concerning the service in which said application server
participates.

11. A computer program stored on a storage medium readable
by an integrated authentication server in a network system
in which clients, application servers or communication
partners and said integrated authentication server can
communicate with each other, said program comprising the
steps of:

(a) transmitting to a client which makes a request for a
service a certificate of said service; and

(b) transmitting a certificate revocation list to an
application server or a communication partner which requires
authentication of said client.

12. A network system comprising:

a client responsive to a service selection from a user to
transmit, together with a service request, a common
integrated certificate which is defined for individual users
in respect of a plurality of kinds of services to an
application server through a network;

said application server adapted to receive said service
request and said integrated certificate and transfer said
integrated certificate to an integrated authentication
server through said network; and

said integrated authentication server adapted to transmit
security information of said user, which is necessary for
the process of authentication between said client and said
application server and which concerns a service in which
said application server participates, through said network
when said received integrated certificate is confirmed to be
valid.

13. A network system comprising:

a client responsive to a service selection from a user to
transmit, together with a service request, a common
integrated certificate which is defined for individual users
in respect of a plurality of kinds of services to an
application server through a network;

said application server adapted to receive said service
request and said integrated certificate, transfer said
integrated certificate to an integrated authentication
server through said network and have a certificate
revocation list concerning a service in which said
application server participates; and

said integrated authentication server adapted to transmit a
certificate of said user which concerns the service in which
said application server participates and which is necessary
for the process of authentication between said client and
said application server when said received integrated
certificate is confirmed to be valid,

wherein when said certificate is included in said
certificate revocation list at time that said application
server receives said certificate, together with said service
request, from said client, said application server rejects
authentication process mutual with said client.

14. A network system according to claim 12, wherein said
integrated authentication server confirms whether said
integrated certificate is valid.

15. A network system according to claim 12, wherein said
application server confirms whether said integrated
certificate is valid.
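
The collation of access histories recited in claims 3 and 4 can be sketched as follows; this is an added example, not part of the claims or any code from the applicant. The record fields, check names, result values ("ok"/"denied") and both sample histories are assumptions constructed for illustration.

```python
from collections import Counter

# Checks that claim 3 has both sides record. The client also records
# password authentication and data-access results, which have no
# counterpart in the integrated authentication server's history.
SHARED_CHECKS = {"cert_confirm", "server_access"}

def ev(user, server, check, result):
    return {"user": user, "server": server, "check": check, "result": result}

# Constructed sample histories for one log-in to log-off session.
CLIENT_HISTORY = [
    ev("alice", "hr-app", "cert_confirm", "ok"),
    ev("alice", "hr-app", "server_access", "ok"),
    ev("alice", "hr-app", "password_auth", "ok"),
    ev("alice", "hr-app", "data_access", "ok"),
    ev("alice", "crm-app", "cert_confirm", "ok"),
    ev("alice", "crm-app", "server_access", "ok"),
]
AUTH_HISTORY = [
    ev("alice", "hr-app", "cert_confirm", "ok"),
    ev("alice", "hr-app", "server_access", "ok"),
    ev("alice", "crm-app", "cert_confirm", "ok"),
    ev("alice", "crm-app", "server_access", "denied"),
    ev("alice", "payroll-app", "cert_confirm", "ok"),
    ev("alice", "payroll-app", "server_access", "denied"),
]

def shared_events(history):
    """Multiset of (user, server, check, result) for checks both sides log."""
    return Counter((e["user"], e["server"], e["check"], e["result"])
                   for e in history if e["check"] in SHARED_CHECKS)

def flip(key):
    """Same event with the opposite result."""
    return key[:3] + ("denied" if key[3] == "ok" else "ok",)

def collate(client_history, auth_history):
    """List discrepancies between the client's and the server's records."""
    only_client = shared_events(client_history) - shared_events(auth_history)
    only_auth = shared_events(auth_history) - shared_events(client_history)
    findings = []
    for key in sorted(only_client):
        kind = "result_mismatch" if flip(key) in only_auth else "client_only"
        findings.append((kind, key[:3]))
    for key in sorted(only_auth):
        if flip(key) not in only_client:  # mismatches already reported above
            findings.append(("auth_server_only", key[:3]))
    return findings

if __name__ == "__main__":
    for kind, (user, server, check) in collate(CLIENT_HISTORY, AUTH_HISTORY):
        print(f"{kind}: {user} {check} on {server}")
```

An `auth_server_only` finding means the certificate was presented for a server the client never recorded contacting, and a `result_mismatch` means the two histories disagree on the outcome of the same check.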



